The OECD held a "high-level" meeting in June 2011 that was intended to build upon the OECD Ministerial on The Future of the Internet Economy held in Seoul, Korea in June 2008. I was invited to attend this meeting as part of the delegation from the Internet Technical Advisory Committee (ITAC), and here I'd like to share my impressions of this meeting.

The presentations I heard at this meeting could be broadly classified into a number of themes, as outlined below.

Public Policy: The Internet as a brilliant success of Multi-Stakeholderism

The first theme was somewhat self-congratulatory in nature, and noted that the Internet has been very effective in achieving economic growth. One speaker cited from a McKinsey report that the level of economic growth attributable to the Internet in 15 years, as measured by GDP growth, equalled the level of GDP growth experienced in the Industrial Revolution over 50 years.

The speakers who talked to this theme espoused freedom of expression, freedom of governance, and freedom of enterprise - online. The Secretary General of the OCED proposed that the OECD, and its working methods of inclusion of governments, the private sector, civil society and the technical community, was uniquely positioned to further this effort. As he noted in his presentation to this meeting, "The OECD has already established many of the social norms that define the Internet today." He espoused a light touch public policy environment as a platform to provide growth, and a driver of innovation that improves efficiency and growth. In other words, when handled with some consideration and care from a perspective of public policy and governance, the Internet will continue to play the role of a critical enabling tool for wealth creation.

The prevalent meme of today appears to be "multi-skateholderism," which appears to relate to today's mixed environment of public and private sector activity, coupled with explicit recognition of civil society and other vested interests, including the technical sector as stakeholders in the process.

The tone of such presentations on the success of the open Internet and upon light touch public policies and multi-stakeholderism was generally upbeat, with some concessions to the challenges of security and net neutrality, but overall there was a sense that if the process was well structured, then such challenges could be properly addressed to the satisfaction of all.

In many ways this is little more than self-congratulatory rhetoric about the positive outcomes that have resulted from the general deregulation of the telecoms sector in the late 20th century and the associated shift of the model of service in this sector from a single public sector utility telecom operator to a diverse set of competitive private sector actors. However, an implicit subtext within this theme was a critical commentary on alternative approaches to coordination frameworks for national and international communications, notably the ITU-T, and a rather barbed criticism of the ability of such treaty-based institutions to perform the necessary structural changes to their institutional model that would allow the institution to reflect the broader set of stakeholders that are peer players in today's landscape. Perhaps behind the rhetoric is one more piece of preparatory activity in the extended leadup to the renegotiation of the world telecommunications treaty by the set of nation states that have some level of commitment a communications industry structure that is now largely based on private sector activity within a framework of open competition, and a general desire to reduce, to some extent, an indefinite continuance of the encumbrances, obligations, and structural cross-subsidies that are associated with the current treaty obligations that stand behind the ITU-T.

The Faltering of the Traditional Carrier

A number of speakers on the topic of broadband infrastructure were critical of today's network infrastructure. A salient comment I heard at one point was: "This sector really has a problem in meeting demand."

Some of the now-privatised telcos (for example, the presentation from Telecom Italia) were effectively claiming that with the impositions of net neutrality and the imposition of a public policy agenda of ubiquitous equitable access for all to a high speed broadband infrastructure funded through private capital investment was not a viable proposition.

The broader question was raised in a presentation from the Korean delegate, who raised the question as to who should fund broadband network infrastructure construction. The Australian presentation made that case that such large scale broadband infrastructure projects exceeded the capacity of private enterprise, and therefore the responsibility to lead such projects fell to the public sector. Although it has to be noted that this leadership comes at the considerable cost of around $2,000 per capita in the Australian case, and it therefore takes a relatively robust economy to underwrite such a significant level of public capital expenditure within the broader collection of public sector issues. Many other OECD economies appear to have largely left the activity of the construction of broadband network infrastructure to the agenda of the private sector, particularly where financing is concerned, and limited their involvement to cheering from the sidelines. The outcomes so far from such an approach are not exactly stellar.

Another carrier, AT&T, asserted that public communications policy in broadband infrastructure is being driven by a vocal minority rather than the mainstream and asserts that this imbalance in policy formulation will result in subsequent retrograde intervention that will restore what he termed as "20th century regulation." He argued for continuance of deregulation and a "hands-off" policy response by government. He noted that a policy priority of broadband access, at an affordable price, as a enabler of economic outcomes, and a lever to improve delivery of social services and utilities. Interestingly, he noted a $95B infrastructure investment by AT&T over the past 5 years and claimed that this cost could not feasibly be recovered from the end user base because the imposition of additional costs onto the consumer base would exclude large sectors of users from the network, and this would be counter to a an objective of ubiquity of access. Given the stated preference for continuation of an industry model that is a deregulated industry lead by private sector investment, it would appear that AT&T is constructing a case to forego the concept of network neutrality with respect to their carriage services, and they apparently wish to have the ability to impose additional costs on content industry actors if they want to have high speed visibility to users on AT&T's broadband network and recover a significant proportion of their investment in this manner.

Network neutrality is a significant issue in today's industry, and it appears to be used by the carriers and operators as a keyword for their lack of incentive for infrastructure investment beyond the existing cooper loop wired infrastructure, citing that net neutrality acts as an investment disincentive that brings the financial returns on capital investment in infrastructure below what they consider to be acceptable levels that are able to meet the cost of private capital in their enterprises. At the same time they are pointing to the lack of radio spectrum as the reason for a lack of further investment in mobile data infrastructure, and accusing application developers of generating mobile content applications that make extravagant use of bandwidth, and hence extravagant use of spectrum as being part of the problem they face.

With some small level of dissension, there appears to be a general admission that demand on today's Internet is not only outstripping current levels of supply, demand growth now is outstripping the sector's business plans, capital investment capability and even technical capability, and the resultant need to exercise common constraint in an environment of limited resources is counter to an industry whose relatively crude content and service models appear to be based on continued abundance of the basic commodity of bandwidth and ubiquitous connectivity.

Security and Privacy

This is one of those mantra topics - everyone agreed that security is a Good Thing (at least I heard noone argue against the concept!), and all speakers who touched upon this topic appeared to agree with the proposition that this was a current issue and by no means a solved problem. But where to go from here was definitely not so clear.

It was clearly recognised that the quantity, breadth and detail of information that is now online poses some serious concern. The risk profile of unintended information exposure now includes individuals, organisations and even nation states. The security industry is becoming overwhelmed with the onslaught of new threats on a continuing basis, and the underlying concern is that the current level of cyber attack may mutate at any time into attack profiles associated with cyber warfare between nation states.

Industry commentators perceive this topic to have a low priority in the political agenda, where politicians want lower prices and greater regulatory control, while the ability of the private sector to invest in the necessary resources and measures to support greater levels of online security is limited by the relatively low value placed on this activity by end users. In some ways the issue of security in todays networks, particularly as they relate to high end security measures that are capable of defending a national communications system against broad scale infrastructure attack of a scale and intensity anticipated in the context of a concerted and well resourced attack (such as envisaged in a cyber warfare attack, for example), is seen to be beyond the scope of conventional private sector infrastructure operators. At the same time the public sector is showing some signs of uncertainty as to how to engage with this agenda, as this is a matter that is well beyond simple regulatory responses.

Hand-in-hand with security is the topic of privacy. It was asserted that the challenge about privacy is not about technology, as today's technology is adequately capable of supporting privacy, but is about the nexus of privacy policies and technology. In order to implement scalable systems that respect and adhere to privacy policies and are functional, there is a need to invest in an effort to define common privacy and authentication standards, i.e., standards relating to the nature of credentials that appropriately define individuals and roles, reputation mechanisms and validation of such credentials and the associated topic of negotiation of trust. The privacy management reference model is looking at operational privacy management in online services, and public standards need to be considered in the development of services. There is some optimism that policy entropy and conflicting standards can be addressed, assuming that the various actors in the area talk to each other and work in the context of industry-driven standards that are based on interoperable implementations. There is the expectation that the industry can deploy systems that can manage privacy conflict and ensure compliance with public policy frameworks that would engender trust and confidence. It was suggested that governments need to support the effort to foster the greater use of standards organisations to facilitate the development of data privacy standards and their adoption.

IPR and Intermediaries

This is a long-standing issue in this sector. The copyright holders have been reluctant, or incapable, on the whole to modify their business model to adapt to the capabilities of computing systems and computer networks to replicate and redistribute content. In the face of monotonically declining sales revenue of traditional media, and the collapse of many of former major players in the media-based content distribution industry, the content industry resorted to legal means to attempt to curb the decline in their industry.

The Digital Millennium Copyright Act in the United States is perhaps the most well known, but no means unique, example of this push for legislative remedies to unauthorized redistribution of content, and the industry has, at least in the realm of the public policy debate successfully managed to apply a lexicon that includes emotive terms such as "theft", "illegal", and "piracy" to such redistribution activities and have this lexicon adopted by the broader industry and in public policy debates.

However, such actions have been largely unsuccessful in terms of reducing the level of such unauthorized redistribution of content and the associated revenue leak that such redistribution represents to copyright holders. The copyright industry has now turned its attention to attempts to coerce the carriage providers to act as co-opted vigilantes in the efforts to enforce intellectual property rights.

This effort runs counter to the general principle of the role of a common carrier, where, in somewhat approximate terms, the carrier is bound to respect the privacy of the parties to whom it has contracted to act as a carrier, and in return is not held to be liable for the content carried across its network. However, there is a strong push to have the public sector to force the carriage sector, and all others who act as "intermediaries' in the provision of services and content to users, to play an active role in enforcing the intellectual property rights of copyright holders of the material. Rather than starting from an assumption that carriage providers and intermediaries are not liable for the content they carry on behalf of users, the default position being pushed in the context of this OECD meeting is one of assuming that such liabilities already exist, and the consequent agenda is to "limit" such liabilities.

It has been pointed out by critics of this approach (such as in a recent blog entry on this topic) that the wording of the communiqué from this meeting that some of the stakeholders, notably the technical community according to this particular critic, acted in a way that played into the hands of the IPR efforts: "Lacking the historical perspective, ITAC failed to see the camels nose being inserted under the tent in the IPR and Intermediary Liability sections." (http://blog.internetgovernance.org/blog/_archives/2011/7/4/4851881.html)

Some of the presentations at the meeting were staunchly in favour of the copyright industry's proposals for making carriers and ISPs liable for content. In particular the presentation by Vivendi went as far as claiming that the entire content creation industry would come to a complete halt if IPR theft was not halted using all available means. The assertion was made in this context that: "Copyright is a key component of economic growth."

An alternative view was put forward by Deezer (and presumably Pandora, were they to be present) is that "piracy" is just one competing service model for distribution of content, and the real goal of this industry should be to create business and service models for the distribution of content that represent a superior service proposition to users as compared to resorting to unauthorized redistribution of content in the form of "piracy". Such new service models should allow IPR to be respected and due royalties paid in the use of copyright material. From Deezer's reported commercial success, this is evidently an achievable objective.

In any case, the default position of assuming some unspecified level of liability on the part of intermediaries, including carriage providers, and the need to "limit" this liability with respect to copyright material was maintained in the deliberations prior to this meeting, and the Civil Society Information Society Advisory Committee (CSISAC) was unable to endorse the resultant communiqué.

IPv6 - The Elephant in the Room

Oddly enough for a meeting that was intended to discuss the public policy aspects of the internet's future growth and the maintenance of the Internet's openness and ability to innovate, evolve and generate societal wealth through efficient and novel forms of connectivity and communication, the one topic that implicitly threatens the entire framework of today's Internet rated barely a mention in the meeting, namely the exhaustion of the IPv4 address pool and the industry's marked indifference to adopt IPv6. It was the unacknowledged elephant in the room.

While one speaker, Vint Cerf, highlighted the need to place IPv6 adoption as a matter of urgent priority in the public policy agenda, and noted that without IPv6, innovation on the Internet will suffer and beneficial outcomes from an open and accessible communications environment would cease, and we simply have no alternatives at this point in time. He noted that if this meeting can conclude with the imperative to deploy IPv6 across all parts of the Internet, then it would be a useful meeting with a positive message. Oddly enough, the chairman's summary at the end of this particular session omitted any reference to IPv6, despite this topic being the major theme of Vint's presentation.

There was certainly an air of disconnection that persisted through the meeting on the continued omission of any mention of IPv4 address exhaustion and the risks posed to the further growth of the Internet if IPv6 is not adopted in a timely manner. It got to the point that when a speaker from the UK Regulatory Office subsequently mentioned IPv6 and the need for the public sector to actively support its adoption, parts of the audience broke out in spontaneous applause.

It appears that despite many years of active promotion of IPv6 the message is still not getting heard within the area of public policy. The comprehensive transition the Internet to IPv6 is a central pillar of any expectation that the Internet can continue to grow and sustain a vibrant environment based on open competition and innovation. So far we appear to have failed to effectively make that case that in a networked environment that stalls on IPv6 the resultant NAT and ALG-ridden IPv4 environment is one where the current incumbents will hold all the addresses and any further competitive entry into the Internet by new actors, at both the levels of carriage and content services, would be effectively limited to the terms and conditions imposed by the incumbents. Such a scenario is about as good a definition of the failure of an open market as one could find, and its one that the Internet would do very well to avoid.

Where To From Here?

Somehow I'm missing the sense of driving optimism and opportunity that was associated with the 2008 OECD Ministerial on the Future of the Internet Economy. It's not clear to me that multi-stakeholderism is sufficiently powerful a mantra to shake off the issues that confront this industry as it slowly shifts into a phase of success-disaster.

Yes, the mobile market is a massive commercial success, so much so that we are now running out of useable spectrum space in the most populous parts of the networked world.

Yes, the wired internet is transforming our economies, so much so that the pressure to recable our infrastructure from copper to fibre is now an essential prerequisite to keeping pace with demand, but the capital is not there and the sustainable carrier business models are not there to undertake this effort.

Yes, the provision of content is a runaway success, but the copyright industry still cries foul and in an effort to curb some of the reported massive damage being inflicted to the entertainment industry there is an effort to rip apart the principle of common carrier and hold all elements of this industry liable for the unauthorised distribution of content.

And yes, we've managed to distribute billions of computers, but at the same time we've managed to create significant areas of vulnerability, and we are now witnessing the exploitation of these weaknesses shift from elements of organised crime to the distinct possibility of cyber warfare waged between nation states.

But I don't believe that any of these issues present insurmountable challenges. In seeking productive responses to these challenges we need to make sure that we are looking in the right place. These problems appear to arise from an intersection of rapid shift in the technology base of this industry intersecting a set of business and policy frameworks that are often somewhat conservative in their response to change. I would like to believe that many of the answers we are looking for lie in adaptation of business models and public policy frameworks, and the tools that will best assist this common effort are probably economic in nature.

For that reason I believe that the OECD has a valuable role in the coming months and years, and I am heartened to see the OECD continue to engage all stakeholders in a public dialogue that I hope will be ultimately fruitful and productive for the future of the Internet.

Disclaimer

The above views do not necessarily represent the views of the Asia Pacific Network Information Centre.